<?php
session_start();
$location = 'index.php';
if(isset($_POST['login'])){
	$username = $_POST['username'];
	$password = md5($_POST['password']);
	if($username == ''){
		$_SESSION['message'] = 'enter username';
		$location = 'index.php';
	} else if($password == ''){
		$_SESSION['message'] = 'enter password';
		$location = 'index.php';
	} else{
		$dbConnection = mysqli_connect('localhost', 'root', 'root', 'tractor');
		$query = "select user_name, user_pass, money from user where user_name ='$username' and user_pass = '$password'";
		echo $query;
		$result = mysqli_query($dbConnection, $query);
		if(mysqli_num_rows($result) == 0){
			$location = 'index.php';
			$_SESSION['message'] = 'wrong username or password';
		} else{
			$row = mysqli_fetch_assoc($result);
			$_SESSION['username'] = $row['user_name'];
			$_SESSION['money'] = $row['money'];
			$location = "main.php";
		}
	}
}

header('Location:' . $location);